Phishing campaigns run rampant on social networks

In January, GFI threat researchers identified a number of social network-based cybercrime attacks, including phishing messages on Twitter and Facebook, as well as malicious spam messages disguised as event invites on LinkedIn.

“As the brands of popular social networking sites become more engrained in our culture, their value to cybercriminals looking for new ways to disguise their attack campaigns will only increase,” said Christopher Boyd, senior threat researcher at GFI Software.

“More and more young people entering the workforce think of social networking as a standard part of everyday life. By focusing their efforts on these sites, cybercriminals can increase their chances of fooling a larger number of users to unknowingly download malware onto their PCs and mobile devices. As a result, these users end up providing social network account information that can be used to reach even more potential victims,” Boyd added.

A number of Twitter users found themselves targeted by a direct message phishing campaign in January. The messages claimed that the victims were being singled out by a Twitter account that was spreading “nasty blogs” about them. The links contained in the messages led to a site that mimicked the official Twitter login screen.

Users who unwittingly entered their account information without first looking at the page URL were sent to a 404 error message and then redirected to the legitimate Twitter login screen in an effort to fool them into thinking that they had simply encountered a problem on the real site.

Facebook users were the targets of a similar spam message, this one claiming that the victims had violated the social network’s policies by “annoying or insulting” other users, and ordering them to reconfirm their accounts to avoid being banned from the site. Users who clicked on the link contained within the message were taken to a page explaining that they had to complete a “security check” by entering personally identifiable information and Facebook login credentials, as well as revealing which webmail service was linked with their Facebook accounts.

Finally, each user was prompted to enter the first six digits of their credit card, regardless of whether or not they had purchased Facebook credits in the past. After entering the first six digits, victims were required to provide the rest of the card number in order to “verify” their account, before having the hijacked accounts send out the same phishing message to their lists of Facebook friends.

Elsewhere, on the popular professional networking site LinkedIn, members who identified themselves as business owners received spam emails notifying them that an employee had sent them an event invitation.

Clicking on the links in the email directed the victims to malicious sites containing malware that exploited unpatched vulnerabilities on their systems. Users who did not click on the malicious links or who kept their third party software up to date were less at risk of infection.